[TLS] WG Adoption for TLS Trust Expressions

Devon O'Brien <asymmetric@google.com> Tue, 23 April 2024 20:37 UTC

From: Devon O'Brien <asymmetric@google.com>
Date: Tue, 23 Apr 2024 13:37:26 -0700
Message-ID: <CAD2nvsQafns7PB72uV2CBgrt1N+f3YK6p_=EO-A_Bs-mb9=g1Q@mail.gmail.com>
To: tls@ietf.org
Cc: Bob Beck <bbe@google.com>, "davidben@chromium.org" <davidben@chromium.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pQwe3GFcvoTNl2skv2rEAfqMAqk>

After sharing our first draft of TLS Trust Expressions
<https://datatracker.ietf.org/doc/draft-davidben-tls-trust-expr/> and
several discussions across a couple of IETFs, we’d like to proceed with a
call for working group adoption of this draft. We are currently prototyping
trust expressions in BoringSSL & Chromium and will share more details when
implementation is complete.

As we mentioned in our message to the mailing list from January, our
primary goal is to produce a mechanism for supporting multiple subscriber
certificates
<https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md>
and efficiently negotiating which to serve on a given TLS connection, even
if that ends up requiring significant changes to the draft in its current
state.

To that end, we’re interested in learning whether WG members support
adoption of this deployment model and the currently-described certificate
negotiation mechanism or if they oppose adoption (and why!).

Thanks!

David, Devon, and Bob
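The negotiation goal described in the message (a server holding several subscriber certificate paths and choosing, per connection, one the client can actually validate) can be modelled in a few lines. The following is an added illustration, not code from the draft, from BoringSSL or from Chromium, and it does not reproduce the draft's wire format: the shape of a "trust expression" as a (store label, version) pair, the CA-supplied "included since version" metadata on each candidate path, and every store label, version number and chain name are constructed assumptions for this example.

```python
"""Toy model of certificate-path negotiation in the style of TLS Trust
Expressions. Added example; all names, versions and the selection rule are
assumptions, not the draft's encoding or semantics."""
from dataclasses import dataclass
from typing import Mapping, Sequence


@dataclass(frozen=True)
class TrustExpression:
    """What the client advertises: it trusts the named store at `version`.
    (Hypothetical shape; the real draft's encoding differs.)"""
    store: str
    version: int


@dataclass
class CandidatePath:
    """A subscriber certificate path the server could serve, plus CA-supplied
    metadata: for each trust store label, the earliest store version that
    contains this path's root. All values are constructed for the example."""
    name: str
    included_since: Mapping[str, int]


def select_path(client_exprs: Sequence[TrustExpression],
                candidates: Sequence[CandidatePath],
                default: CandidatePath) -> str:
    """Return the name of the first candidate (server preference order) whose
    root is in a store the client trusts at a version that already includes
    that root. A client that advertises nothing, or only stores/versions
    that predate every candidate's root, gets the default path, exactly as a
    legacy client would today."""
    for cand in candidates:
        for expr in client_exprs:
            since = cand.included_since.get(expr.store)
            if since is not None and expr.version >= since:
                return cand.name
    return default.name


# Constructed candidates: a path rooted in a long-established CA and a path
# rooted in a CA that only entered "store-A" at version 7.
OLD_ROOT = CandidatePath("chain-old-root", {"store-A": 1, "store-B": 3})
NEW_ROOT = CandidatePath("chain-new-root", {"store-A": 7})
CANDIDATES = [NEW_ROOT, OLD_ROOT]   # server prefers the newer root


def demo() -> dict:
    """Run the selection for a few constructed client profiles."""
    return {
        "up-to-date store-A": select_path([TrustExpression("store-A", 9)], CANDIDATES, OLD_ROOT),
        "older store-A":      select_path([TrustExpression("store-A", 5)], CANDIDATES, OLD_ROOT),
        "old store-B":        select_path([TrustExpression("store-B", 2)], CANDIDATES, OLD_ROOT),
        "legacy client":      select_path([], CANDIDATES, OLD_ROOT),
    }


if __name__ == "__main__":
    for profile, chosen in demo().items():
        print(f"{profile:20s} -> {chosen}")
```

The check that matters is the version comparison: a client that trusts "store-A" only at version 5 must not be served the chain whose root was added at version 7, because it would fail to build a path even though it trusts the same store. The fallback to the default path is what keeps clients that send no trust expression at all working unchanged.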